<?php /*
	*/ ?>
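<?php include("system/config.inc.php");
$donotinclude = 1;

// Identify the customer from the server-side session only: a logged-in member
// ('memberid') takes precedence over a guest customer ('custid').
$id = '';
if(isset($_SESSION['memberid']) && trim($_SESSION['memberid'])!="") {
	$id = trim($_SESSION['memberid']);
} else if(isset($_SESSION['custid']) && trim($_SESSION['custid'])!="") {
	$id = trim($_SESSION['custid']);
}

// The id is interpolated into SQL on this page, further down even into an unquoted
// numeric comparison, so it has to be a plain integer for the page to work at all.
// Accept digits only and treat anything else (including a set-but-empty session
// value) as "not logged in" instead of building a query from it.
if($id === '' || !ctype_digit((string)$id)) {
	header("location:customerlogin.php");
	die();
}

// check customer basket is empty or not
// NOTE(review): count() assumes select() returns an array when no row matches;
// other parts of this page test the result with if($res) instead - confirm what
// the DB wrapper returns for an empty result set.
$sqlbask="select * from tblcustomerbaskets where intcustomerid='$id'";
$resbask=$n02586916_db->select($sqlbask);
if(count($resbask)==0) {
	header("location:customerlogin.php");
	die();
}

// Digits only at this point, so the value is safe both in the SQL string below and
// as the basis for the values printed into the payment form later on this page.
$userid=$id;

// Attach the basket rows created under this browser session to the customer.
// session_id() originates from the client's session cookie, so it is escaped before
// it goes into the statement; $session itself keeps the raw id as before.
// NOTE(review): mysql_real_escape_string() belongs to the ext/mysql API removed in
// PHP 7. When the DB wrapper is ported, replace string-built SQL with bound parameters.
$session=session_id();
$sessionsql=mysql_real_escape_string($session);
$sql4 = "UPDATE `tblcustomerbaskets` SET `intcustomerid` = '$userid' WHERE `varsessionid`='$sessionsql'";
$n02586916_db->edit($sql4);
?>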
<?php include("inc/head.inc.php");?>
<script language="javascript">
function check()
{
	// Client-side convenience check only: requires a non-empty value in the "dcode"
	// field of the form named "code". That form is not defined in the visible part of
	// this page - presumably it comes from an include or from the discount-code step.
	// Returns false when the field is empty, undefined otherwise. Anything enforced
	// here must also be enforced on the server, since the browser can skip this script.
	var codeField = document.code.dcode;
	if (codeField.value.length != 0)
	{
		return;
	}
	alert("Please enter Code.");
	codeField.focus();
	return false;
}
</script>
<body>
<table width="824" border="0" cellpadding="0" cellspacing="0"  align="center">
  
  <tr>
    <td class="headerclass"><?php include(INC."top.inc.php") ?></td>
  </tr>
  <tr>
    <td valign="top" class="maincontainer"><table width="100%" border="0" cellpadding="0" cellspacing="0">
      <tr><td valign="top"class="leftmenuback"><?php include(INC."left.inc.php") ?></td>
        <td valign="top">
		<div class="pageheader">Order Confirmation</div>
		<div style="float:right"><img src="images/back.gif" width="60" height="19" border="0" onClick="history.go(-1);"/></div>
		
		<table width="98%" border="0" align="left" cellpadding="0" cellspacing="0">
		 <tr>
           <td height="23" valign="middle" class="font">&nbsp; <span class="font">&nbsp;1&nbsp;&nbsp;confirm</span> | <span class="font">&nbsp;2&nbsp;&nbsp;postage</span> | <span class="font">&nbsp;3&nbsp;&nbsp;pay</span> | <span class="font">&nbsp;5&nbsp;&nbsp;Discount Codes</span> | <span class="price">&nbsp;5&nbsp;&nbsp;Order Confirmation</span></td>
	    </tr>
        <tr>
          <td align="center">
		  <br />
			  <div style="border:1px solid #000000; margin-left:5px;padding:5px; float:left;">
					<div class="search">Delivery Address [<a href="checkoutshiping.php?a=2" class="editlink">Edit</a>]</div>
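                  <?php 
			// Delivery address of the customer held in the server-side session
			// (logged-in member first, otherwise the guest customer id).
			$custid='';
			if(isset($_SESSION['memberid']) && ($_SESSION['memberid'])!="") {
				$custid=mysql_real_escape_string($_SESSION['memberid']);
			} else if(isset($_SESSION['custid']) && ($_SESSION['custid'])!="") {
				$custid=mysql_real_escape_string($_SESSION['custid']);
			}
			$sql="select * from tblcustomeradd where intcustomerid='$custid'";
			$res=$n02586916_db->select($sql);
			if($res) {
				// The address columns are free text from the database, so they are encoded
				// for HTML before being printed; otherwise markup stored in an address would
				// run in the browser of whoever views this page. double_encode is off so
				// entities already present in stored data are not encoded twice. 'UTF-8'
				// matches the charset this page declares in its payment form; adjust it if
				// the site is served in another encoding.
				?>
				<div class="addressfont"><?php echo htmlspecialchars($res[0]['vardeliverystreetaddress'], ENT_QUOTES, 'UTF-8', false);?><br />
				<?php echo htmlspecialchars($res[0]['vardeliverycity'], ENT_QUOTES, 'UTF-8', false);?><br />
				<?php echo htmlspecialchars($res[0]['vardeliverypostcode'], ENT_QUOTES, 'UTF-8', false);?><br />
				<?php echo htmlspecialchars($res[0]['vardeliverystate'], ENT_QUOTES, 'UTF-8', false);?><br />
				<?php echo htmlspecialchars($res[0]['vardeliverycountry'], ENT_QUOTES, 'UTF-8', false);?><br />
				</div>
			<?php }?>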
			</div>
			
			<div style="border:1px solid #000000; margin-left:5px;padding:5px; float:right;">
					<div class="search">Billing Address [<a href="checkoutpayment.php?a=2" class="editlink">Edit</a>]</div>
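					  <?php 
					// Billing address of the customer held in the server-side session.
					// The guest id is read from $_SESSION, like everywhere else on this page.
					// Reading it from $_REQUEST let the visitor choose, via a request
					// parameter, whose billing address is rendered, which exposes other
					// customers' addresses.
					$custid='';
					if(isset($_SESSION['memberid']) && ($_SESSION['memberid'])!="") {
						$custid=mysql_real_escape_string($_SESSION['memberid']);
					} else if(isset($_SESSION['custid']) && ($_SESSION['custid'])!="") {
						$custid=mysql_real_escape_string($_SESSION['custid']);
					}
					$sql="select * from tblcustomeradd where intcustomerid='$custid'";
					$res=$n02586916_db->select($sql);
					if($res) {
						// Free-text columns are HTML-encoded on output so stored markup is
						// shown as text instead of being interpreted by the browser.
						// double_encode is off to leave entities already in the data intact.
					?>
					<div class="addressfont"><?php echo htmlspecialchars($res[0]['varbillingstreetaddress'], ENT_QUOTES, 'UTF-8', false);?><br />
					<?php echo htmlspecialchars($res[0]['varbillingcity'], ENT_QUOTES, 'UTF-8', false);?><br />
					<?php echo htmlspecialchars($res[0]['varbillingpostcode'], ENT_QUOTES, 'UTF-8', false);?><br />
					<?php echo htmlspecialchars($res[0]['varbillingstate'], ENT_QUOTES, 'UTF-8', false);?><br />
					<?php echo htmlspecialchars($res[0]['varbillingcountry'], ENT_QUOTES, 'UTF-8', false);?><br />
					</div>
					<?php } ?>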
			  </div>
		  <table width="98%" border="0" cellspacing="0" cellpadding="3">
                  <tr>
                    <td height="23" colspan="4" class="search">&nbsp; Products[<a href="cart.php" class="editlink">Edit</a>] </td>
                    </tr>
                  <tr>
                    <td align="center" bgcolor="#000000" class="style1"><strong>Qty</strong></td>
                    <td align="center" bgcolor="#000000" class="style1"><strong>Item Price (&pound;)</strong></td>
                    <td align="center" bgcolor="#000000" class="style1"><strong>Product Name </strong></td>
                    <td align="center" bgcolor="#000000" class="style1"><strong>Total (&pound;)</strong></td>
                  </tr>
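                  <?php 
		// Basket lines of the session's customer: one table row per basket line whose
		// product description exists, plus the running goods subtotal in $sum.
		$custid='';
		if(isset($_SESSION['memberid']) && ($_SESSION['memberid'])!="") {
			$custid=mysql_real_escape_string($_SESSION['memberid']);
		} else if(isset($_SESSION['custid']) && ($_SESSION['custid'])!="") {
			$custid=mysql_real_escape_string($_SESSION['custid']);
		}
		$sum = 0.00;
		// The id is quoted and escaped like the other customer queries on this page;
		// an unquoted, unescaped value would be spliced into the statement as SQL.
	  	$sql1="select * from tblcustomerbaskets where intcustomerid='$custid'";
		$resbask=$n02586916_db->select($sql1);
		if(count($resbask)>0) {
			for($i=0;$i<count($resbask);$i++)
			{
				$prtid=mysql_real_escape_string($resbask[$i]['intproductid']);
				$sql9="select * from tblproddesc where intid='$prtid'";
				$resimg=$n02586916_db->select($sql9);
				if(count($resimg)>0) {
					for($j=0;$j<count($resimg);$j++) {
						$qty=$resbask[$i]['intproductquantity'];
						$unitprice=$resbask[$i]['dectotalprice'];
						// Line total rounded to pence, exactly as displayed in the row.
						$linetotal=round($unitprice*$qty,2);
						// The subtotal adds the numeric line total. Passing it through
						// number_format() without a decimals argument rounded every line
						// to whole pounds and inserted thousands separators, so the
						// subtotal (and the amount sent for payment) did not match the
						// lines shown to the customer.
						$sum=$sum+$linetotal;
	  	?>
                  <tr>
                    <td align="center" class="font"><?php echo htmlspecialchars($qty, ENT_QUOTES, 'UTF-8');?><br></td>
                    <td align="center" class="font"><?php echo number_format(round($unitprice,2), 2, '.', '');?></td>
                    <td align="center" class="font"><?php echo htmlspecialchars(stripslashes($resimg[$j]['varprodname']), ENT_QUOTES, 'UTF-8', false);?></td>
                    <td align="center" class="font"><?php echo number_format($linetotal, 2, '.', '');?></td>
                  </tr>
        <?php 
					}
				}
			}
		}
?>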
		<tr>
        	<td colspan="4" style="border-bottom:1px solid #000000;">&nbsp;</td>
        </tr>
		 <tr>
           <td colspan="2" class="fontsmall">&nbsp;</td>
           <td align="right" class="font">Shipping Rate :</td>
           <td align="center" class="font"> +&nbsp;
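           <?php 
		   // Shipping charge for the method selected in the request parameter "ship".
		   $charge=0.00;
		   // Defined on every path: code further down this page stores $shipping in
		   // the session even when no method was submitted.
		   $shipping=null;
					// is_string() rejects array-valued parameters (ship[]=...), which
					// mysql_real_escape_string() cannot handle.
					if(isset($_REQUEST['ship']) && is_string($_REQUEST['ship'])) {
						$shipping=mysql_real_escape_string($_REQUEST['ship']);
						$sqlm="select * from tblshippingmaster where intid='$shipping'";
						$resm=$n02586916_db->select($sqlm);
						if($resm) {
							$charge=$resm[0]['decshipcost'];
						} else {
							$charge=0.00;
						}
						echo "&pound;".number_format($charge, 2, '.', '');
					} else { 
						echo "&pound; 0.00"; 
					}
					// NOTE(review): a missing or unknown "ship" value results in a zero
					// shipping charge and the order total is still built from it. Confirm
					// whether checkout should instead send the customer back to the
					// postage step when no valid method is selected.
					?></td>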
                  </tr>
				  <tr>
                    <td colspan="2" class="fontsmall">&nbsp;</td>
                    <td align="right" class="font"> Discount : </td>
                    <td align="center" class="font">-&nbsp;
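                      <?php 
					  	// Discount for the code remembered in the session, applied only when
					  	// the goods subtotal ($sum) exceeds the code's minimum purchase.
					  	$dis=0.00;
						if(isset($_SESSION['discount']) && ($_SESSION['discount'])!="") { 
							$discountcode=$_SESSION['discount'];
							// The session value presumably holds what the customer typed
							// at the discount-code step (not visible here), so it is
							// escaped before being placed inside the quoted SQL string.
							$discountsql=mysql_real_escape_string($discountcode);
							$sqld="select * from tbldiscountcode where varcode='$discountsql'";
							$resultd=$n02586916_db->select($sqld);
							if($resultd) {
								$discount= $resultd[0]['decdiscount'];
								$type=$resultd[0]['intdesctype'];
								$minbuy=$resultd[0]['decminbuy'];
								if($sum>$minbuy) {
									if($type==1) {	
										// type 1: percentage of the goods subtotal
										$dis=($sum*$discount)/100;
									} else if($type==2) {
										// type 2: fixed amount
										$dis=$discount;
									}
								}
							}
						}
						// NOTE(review): nothing here stops a fixed discount larger than
						// the subtotal, or a percentage above 100, from driving the total
						// below zero - confirm the codes table rules that out.
						// Always print the amount in the same two-decimal format; some
						// paths previously printed nothing or an unformatted zero.
						echo "&pound;".number_format(round($dis,2), 2, '.', '');
					?></td>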
                  </tr>
				   <tr>
                    <td colspan="2" class="fontsmall">&nbsp;</td>
                     <td align="right" class="font"> VAT: </td>
                    <td align="center" class="font">+&nbsp;
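                      <?php 
					  // VAT base: goods subtotal plus shipping, less discount.
					  $tax = $sum+$charge-$dis;
						// calc tax
							// The rate is taken from the first row the query returns; the
							// statement has no WHERE or ORDER BY, so the table is presumably
							// expected to hold a single row.
							$taxsql="SELECT * FROM tbltaxrates";
							$taxresults=$n02586916_db->select($taxsql);
							// Fall back to a zero rate when no rate row is available instead
							// of indexing into an empty result.
							$vatamount = 0.00;
							if($taxresults && isset($taxresults[0]['vatrate'])) {
								$vatamount = $taxresults[0]['vatrate'];
							}
							$amountvat = ($tax/100)*$vatamount;
							echo "&pound;".number_format(round($amountvat,2), 2, '.', '');
					  ?>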
					</td>
                  </tr>
				   <tr>
                    <td colspan="2" class="fontsmall">&nbsp;</td>
                    <td align="right" class="price"><span class="search"><strong>Total : </strong></span></td>
                    <td align="center" class="font">
					<?php 
					// Grand total: goods + shipping + VAT, less the discount. $to is reused
					// further down this page for the session total and the payment amount.
					$to = ($sum + $charge + $amountvat) - $dis;
					printf("&pound;%s", number_format(round($to, 2), 2, '.', ''));
					?></td>
                  </tr>
		</table>
<br />
<br />
      <table width="100%" border="0" cellpadding="0" cellspacing="2" >
        <tr>
          <td align="center" valign="bottom" class="fontsmall">
		  <form id="form1" name="pay" method="post" action="https://www.paypal.com/cgi-bin/webscr">
			    <input name="Submit" type="submit" class="btn" value="Secure Payment" />
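	 		 <?php 
			// Remember the chosen shipping method and the computed total in the session
			// so the completion step can check them server-side.
			$_SESSION['ship'] = isset($shipping) ? $shipping : null;
			$_SESSION['total'] = $to;
			$sql="select * from tblpaypalsettings";
			$res=$n02586916_db->select($sql);
			if($res) {
				// Every value printed into an attribute is HTML-encoded, and the user id
				// is additionally URL-encoded where it is part of a query string, so a
				// quote or angle bracket in the data cannot break out of the attribute.
				$ppuser = isset($userid) ? $userid : '';
				$ppbusiness = htmlspecialchars($res[0]['varpaypalemail'], ENT_QUOTES, 'UTF-8');
				$ppsitename = htmlspecialchars(SITENAME, ENT_QUOTES, 'UTF-8');
				$ppsiteurl = htmlspecialchars(WEBSITEURL, ENT_QUOTES, 'UTF-8');
				$ppuserattr = htmlspecialchars($ppuser, ENT_QUOTES, 'UTF-8');
				$ppuserurl = htmlspecialchars(urlencode($ppuser), ENT_QUOTES, 'UTF-8');
				// NOTE(review): these fields are submitted by the customer's browser, so
				// PayPal receives whatever the browser sends, not necessarily the values
				// printed here. The completion / IPN handler (ppcomplete.php, not visible
				// in this file) should compare the mc_gross, mc_currency and
				// receiver_email reported by PayPal with $_SESSION['total'] or the stored
				// order before marking anything as paid, and should identify the customer
				// from the session rather than from the userid query parameter.
			?>
				  <input type="hidden" name="cmd" value="_xclick" />
				  <input type="hidden" name="business" value="<?php echo $ppbusiness;?>" />
				  <input type="hidden" name="item_name" value="<?php echo $ppsitename;?> order payment." />
				  <input type="hidden" name="amount" value="<?php echo number_format(round($to,2), 2, '.', '');?>" />
				  <input type="hidden" name="quantity" value="1">
				  <input type="hidden" name="no_shipping" value="1" />
				  <input type="hidden" name="no_note" value="1" />
				  <input type="hidden" name="currency_code" value="GBP" />
				  <input type="hidden" name="payment_type" value="instant" />
				  <input type="hidden" name="return" value="<?php echo $ppsiteurl;?>/ppcomplete.php?userid=<?php echo $ppuserurl;?>" />
				  <input type="hidden" name="cancel_return" value="<?php echo $ppsiteurl;?>/ppcancel.php?userid=<?php echo $ppuserurl;?>" />
				  <input name="a3" value="0.00" type="hidden" />
				  <input name="p3" value="0" type="hidden" />
				  <input name="t3" value="M" type="hidden" />
				  <input name="src" value="0" type="hidden" />
				  <input name="sra" value="0" type="hidden" />
				  <input type="hidden" name="custom" value="<?php echo $ppuserattr;?>">
				  <input type="hidden" name="charset" value="utf-8">
				  <input type="hidden" name="rm" value="2">
				  <input type="hidden" name="tax" value="0">
  				  <input type="hidden" name="image_url" value="<?php echo $ppsiteurl;?>/images/header-logo.jpg">
			  <?php } ?>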
			</form>		  
			</td>
		  </tr>
        <tr>
          <td align="center" class="fontsmall">&nbsp;</td>
        </tr>
    </table>		  </td>
        </tr> 
    </table>		</td>
      </tr>
    </table>
    </td>
  </tr>
  <tr>
    <td><?php include "inc/bottom.inc.php"; ?></td>
  </tr>
</table>
</body>
</html>
